What is claimed is: 



Attorney Docket No. 1 560 1 9ROUS0 1 U 



17 



Attorney Docket No. 1 560 1 9ROUS0 1 U 

CLAIMS 

1 . A method comprising the steps of: 

receiving a Session Initiation Protocol (SIP) message containing VPN information from 
an initiating application; and 

registering the VPN information on a communication network. 

2. The method of claim 1, wherein the communication network is a Multi-Protocol Label 
Switching (MPLS) network. 

3. The method of claim 1, wherein the step of registering uses Multi-Protocol Border 
Gateway Protocol (MP-BGP) to distribute routing information associated with the initiating 
application to the communication network. 

4. The method of claim 1, wherein the step of registering causes the communication 
network to establish network VPN tunnels. 

5. The method of claim 1, further comprising receiving a SIP message from an initiating 
application containing a request for network VPN resources. 

6. The method of claim 5, wherein the request for network VPN resources comprises 
VPN information including requested bandwidth, duration, and quality of service. 

7. The method of claim 5, further comprising signaling the request to the communication 
network. 

8. The method of claim 7, wherein signaling the request to the communication network 
comprises instructing the communication network to reserve network VPN resources on a 
network VPN tunnel according to the VPN information. 

9. The method of claim 5, further comprising forwarding a SIP invite message toward a 
destination application. 
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10. Software for providing network VPN services on demand, comprising: 

program logic configured to register application- VPN-ID information associated with a 
first application on a communication network; and 

program logic configured to interface with the communication network to obtain network 
VPN resources associated with the application- VPN-ID information upon receipt of a request for 
access to the network VPN resources from the first application. 

11. The software of claim 10, further comprising program logic for maintaining a 
mapping between the first application and the network VPN resources provided to the first 
application. 

12. The software of claim 10, fiirther comprising program logic configured to receive 
session initiation protocol (SIP) signaling from a SIP agent associated with the first application 
and to generate SIP signaling directed to a second application. 

13. A Service - Virtual Private Network (S-VPN) gateway, comprising: 

a Session Initiation Protocol (SIP) server configured to handle SIP signaling to enable a 
first application to register for network VPN resources using said SIP signaling. 

14. The S-VPN gateway of claim 13, wherein the SIP server is further configured to 
handle SIP signaling to enable the first application to request access to said network VPN 
services. 

15. The S-VPN gateway of claim 14, further comprising a media signaling gateway 
configured to interface with at least one network device configured to participate in providing 
said network VPN services. 

16. The S-VPN gateway of claim 14, fiirther comprising a services module configured to 
provide authentication, authorization, and accounting services on the communication network. 
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17. The S-VPN gateway of claim 13, further comprising an application- VPN database 
configured to store information associating applications with network VPN resources on the 
communication network. 
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